Description
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
Affected packages
Platform | Package | Status | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | rubygems | Will not fix | | |
Red Hat Software Collections | rh-ruby23-ruby | Fix deferred | | |
Red Hat Software Collections | rh-ruby26-ruby | Not affected | | |
CloudForms Management Engine 5.10 | cfme | Fixed | RHSA-2019:1429 | 11.06.2019 |
CloudForms Management Engine 5.10 | cfme-amazon-smartstate | Fixed | RHSA-2019:1429 | 11.06.2019 |
CloudForms Management Engine 5.10 | cfme-appliance | Fixed | RHSA-2019:1429 | 11.06.2019 |
CloudForms Management Engine 5.10 | cfme-gemset | Fixed | RHSA-2019:1429 | 11.06.2019 |
CloudForms Management Engine 5.10 | ruby | Fixed | RHSA-2019:1429 | 11.06.2019 |
Red Hat Enterprise Linux 7 | ruby | Fixed | RHSA-2019:1235 | 15.05.2019 |
Red Hat Enterprise Linux 7.4 Advanced Update Support | ruby | Fixed | RHSA-2020:2769 | 30.06.2020 |
Additional information
Status:
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
A vulnerability in the Gem::CommandManager module of the RubyGems package management system, related to insufficient escaping, that allows an attacker to violate data integrity